Nmap Development mailing list archives
Re: Problem using the dhcp-discover script for Nmap
From: Patrik Karlsson <patrik () cqure net>
Date: Thu, 21 Jul 2011 14:01:07 +0200
Hi all,

Paul confirmed that this new script worked as expected so I've committed it as r25137.

Regards,
Patrik

On Jul 15, 2011, at 10:14 AM, Patrik Karlsson wrote:

Hi Paul,

Seems that I was using some relatively new functionality that didn't make it into the release you're running. I've made some changes to the script to handle this, I hope, but you will need to tell nmap the interface you will be using by adding the -e switch. So, the command would be:

nmap --script broadcast-dhcp-discover -e eth0

If you're expecting the packet to go out on eth0. Let me know how this

On Jul 15, 2011, at 9:09 AM, Paul Courbis wrote:

Hi

Thanks for your prompt answer but it seems that I'm missing something (or I am a complete idiot :-D)

I replaced the dhcp.lua file.

When I do (as root): nmap --script broadcast-dhcp-discover, nmap warns me about the fact that no targets were specified (so 0 hosts scanned) and ends with no result.

I also tried to add my DHCP server's IP address. It showed the open ports (as in a normal nmap scan) but nothing more. Same thing with the -sV or -sU -p67 options.

I'm wondering if the script is really executed? But if I mistype the script name, it gives an error telling me the script wasn't found.

I tried to run the script with the debugging option and it gave me the following error:

linux-t26r:~ # nmap -v -d --script broadcast-dhcp-discover

Starting Nmap 5.59BETA1 ( http://nmap.org ) at 2011-07-15 09:05 CEST
PORTS: Using top 1000 ports found open (TCP:1000, UDP:0, SCTP:0)
--------------- Timing report ---------------
  hostgroups: min 1, max 100000
  rtt-timeouts: init 1000, min 100, max 10000
  max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
  parallelism: min 0, max 0
  max-retries: 10, host-timeout: 0
  min-rate: 0, max-rate: 0
---------------------------------------------
NSE: Loaded 1 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 1) scan.
NSE: Starting broadcast-dhcp-discover.
Initiating NSE at 09:05
NSE: broadcast-dhcp-discover threw an error!
...in/../share/nmap/scripts/broadcast-dhcp-discover.nse:63: attempt to call field 'list_interfaces' (a nil value)
stack traceback:
        ...in/../share/nmap/scripts/broadcast-dhcp-discover.nse:63: in function 'getInterfaces'
        ...in/../share/nmap/scripts/broadcast-dhcp-discover.nse:140: in function <...in/../share/nmap/scripts/broadcast-dhcp-discover.nse:118>
        (tail call): ?
Completed NSE at 09:05, 0.00s elapsed
NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Read from /usr/local/bin/../share/nmap: nmap-services.
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.05 seconds
           Raw packets sent: 0 (0B) | Rcvd: 0 (0B)

Please tell me if you need more debug output/test/etc.

I'm running the latest openSuse on a Dell laptop, with Nmap 5.59BETA1.

Best regards and thanks for your support
Paul

--
Paul Courbis

2011/7/14 Patrik Karlsson <patrik () cqure net>

Hi Ron & Paul,

We've been splitting scripts that do broadcast up into separate scripts (prefixed by broadcast-) for more flexibility. Therefore, I have written a new script (script broadcast-dhcp-discover.nse) that makes use of the dhcp library to achieve broadcast DHCP requests. In order to do so, I had to do some small changes to the dhcp.lua library that I'm attaching as well.

The new script attempts to send a request to the broadcast address and then listens on all ethernet interfaces that are up for a response. The reason for this is that I wanted to avoid having to supply the interface to use on the command line.

Paul, as I'm not sure which version of Nmap you're running I'm attaching a copy of the patched dhcp library as well. In order to try the script out, you need to copy the dhcp.lua library into nselib and the broadcast-dhcp-discover.nse script into the scripts directory.
Once this is done you should be able to try the script out using the following command:

sudo nmap --script broadcast-dhcp-discover

As you may have concluded from sudo, the script needs to be run as root. Let me know if/how this works out for you!

Oh, and if anyone else on nmap-dev would like to help testing, you're more than welcome :)

Regards,
Patrik

On Jul 14, 2011, at 3:18 AM, Ron wrote:

On Wed, 13 Jul 2011 14:22:53 +0200 Paul Courbis <paul () courbis com> wrote:

Hi

I'm sorry to bother you about this but I can't figure out how to make your script work.

I have a network with a DHCP server (actually a "Livebox", an ADSL box from Orange/France Telecom). It works quite well and returns IPs when using dhclient for example.

I tried to use your script. As far as I understand, when doing something like "nmap -sV --script=dhcp-discover <DHCP server IP address>" I should receive some information such as described in http://nmap.org/nsedoc/scripts/dhcp-discover.html (i.e. IP offered, etc.)

I tried to run this on my openSuse 11.4 linux (using both the latest stable or beta version of nmap) but after a long time it gives nothing. The udp/67 port is not even listed.

I also tried to do something like "nmap -sU -p67 --script=dhcp-discover x.x.x.x" but I just get the fact that 67/udp is "open|filtered" but nothing more.

What am I doing wrong?

Thanks in advance
Best regards
Paul

--
Paul Courbis

Hey Paul,

The protocol for dhcp is a little messed up. I've noticed that certain implementations will only respond if they receive a request on the broadcast address rather than a standard UDP/67 connection.

I think we should add a prerule to the dhcp-discover script to do a broadcast. I'm CCing nmap-dev for opinions - I don't have time to do it right now, but hopefully somebody else can kick in and write it?

Ron

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

--
Patrik Karlsson
http://www.cqure.net
http://www.twitter.com/nevdull77
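
The broadcast exchange discussed in this thread, sketched as an added example that is not part of the original messages and is not the NSE script or dhcp.lua: it builds a DHCPDISCOVER with the broadcast flag set and decodes a DHCPOFFER of the kind the script reports. Python is used for illustration only; the MAC address, transaction id, IP addresses and the sample offer are constructed, and nothing is sent on the network.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"                 # DHCP magic cookie (RFC 2131)
TYPES = {1: "DISCOVER", 2: "OFFER", 5: "ACK", 6: "NAK"}
IP_OPTS = {1: "netmask", 3: "router", 6: "dns", 54: "server_id"}

def bootp_header(op, xid, flags, yiaddr, mac):
    """Fixed 236-byte BOOTP header followed by the magic cookie."""
    hdr = struct.pack("!BBBBIHH", op, 1, 6, 0, xid, 0, flags)
    hdr += bytes(4) + socket.inet_aton(yiaddr) + bytes(8)  # ciaddr, yiaddr, siaddr, giaddr
    return hdr + mac.ljust(16, b"\x00") + bytes(192) + MAGIC

def build_discover(mac, xid):
    """DHCPDISCOVER with the broadcast flag (0x8000) so the reply is broadcast too."""
    opts = bytes([53, 1, 1])                 # option 53: message type DISCOVER
    opts += bytes([55, 4, 1, 3, 6, 51])      # option 55: ask for mask, router, DNS, lease
    pkt = bootp_header(1, xid, 0x8000, "0.0.0.0", mac) + opts + b"\xff"
    return pkt.ljust(300, b"\x00")           # pad to the 300-byte BOOTP minimum

def parse_reply(pkt, xid):
    """Validate a BOOTREPLY for our transaction id and decode common options."""
    if len(pkt) < 240 or pkt[0] != 2 or pkt[236:240] != MAGIC or pkt[4:8] != struct.pack("!I", xid):
        raise ValueError("not a DHCP reply for this transaction")
    info, i = {"offered": socket.inet_ntoa(pkt[16:20])}, 240
    while i < len(pkt) and pkt[i] != 255:    # 255 = end option
        if pkt[i] == 0:                      # 0 = pad, carries no length byte
            i += 1
            continue
        if i + 1 >= len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        code, val = pkt[i], pkt[i + 2:i + 2 + pkt[i + 1]]
        if code == 53 and len(val) == 1:
            info["type"] = TYPES.get(val[0], str(val[0]))
        elif code == 51 and len(val) == 4:
            info["lease_s"] = struct.unpack("!I", val)[0]
        elif code in IP_OPTS and len(val) % 4 == 0:
            info[IP_OPTS[code]] = [socket.inet_ntoa(val[j:j + 4]) for j in range(0, len(val), 4)]
        i += 2 + len(val)
    return info

def sample_offer(xid, mac):
    """Constructed DHCPOFFER (not captured traffic) from a server at 192.168.1.1."""
    gw = socket.inet_aton("192.168.1.1")
    opts = bytes([53, 1, 2]) + bytes([54, 4]) + gw + bytes([51, 4]) + struct.pack("!I", 86400)
    opts += bytes([1, 4]) + socket.inet_aton("255.255.255.0") + bytes([3, 4]) + gw + b"\xff"
    return bootp_header(2, xid, 0x8000, "192.168.1.10", mac) + opts

if __name__ == "__main__":
    print(parse_reply(sample_offer(0x3903F326, bytes.fromhex("02005e100001")), 0x3903F326))
```
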